Analysis
- max time kernel: 176s
- max time network: 185s
- platform: android_x64
- resource: android-33-x64-arm64-20240514-en
- resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240514-en, locale:en-us, os:android-13-x64, system
- submitted: 23-05-2024 00:00
Static task: static1
Behavioral task: behavioral1
- Sample: 6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240514-en
General
- Target: 6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
- Size: 17.9MB
- MD5: 6913dd93c51906fa437b45a279d97a6a
- SHA1: 9b8ea701727d28e7bebdb005ef3b6fea0f96ad87
- SHA256: 4a25ad7a92add771ce4d69e797b3ec28be3d251f5accaff68023e06f809f1d75
- SHA512: 8b568eb47757c37a88890ae1733f7b6d13ceb0636694f101b84982a5667535154df44c1452c9a6199b410d36119a0d9114777c6e4be78bf47774ad84cb164fd2
- SSDEEP: 393216:n04p8Owz60so0X0C+ScCR/cK6w9d0e8GOY32sUnojGptaEl:DK6f/Zxb6w30e8GOJ7nojGpYM
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.yifang.erp
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.yifang.erp
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: com.yifang.erp
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.yifang.erp
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about the phone network operator. (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.yifang.erp
    description: Framework API call | ioc: android.hardware.SensorManager.registerListener | process: com.yifang.erp
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes: com.yifang.erp
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.yifang.erp
Processes
- com.yifang.erp
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: 73fbbe9b572a921ba578cf545417c12c
  SHA1: 661d71f621cd0af508de7c5bef82b455171ea822
  SHA256: 88138155873c6e6f80d96177b4b1237b6945140b27f664b3895fc1aba5a66ac0
  SHA512: 0b8d555a40adeeed20ba195c21fa2033dbdbd67b5caaebcc274c71008923814dc91956c0ff55d5500a31ee777483ae12594e9c819adc61f45c2d0c515eb8fa90
- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 213B
  MD5: b77d9e844d1dd753a8b3093d7a2b8079
  SHA1: 4cf51726b7bbbe6a0a591a7594054e4e316e170f
  SHA256: 2a71ab4c52acb2ba7c47f9418f469d2f4db2eb4c4e806d60d65b8949fb90bbf8
  SHA512: 1c93f88fad8c55271b90974e5d6e131fb3377a50f97724cc72ecce5d32f1a291c0ff3ed29a9d89c5a1d78c1e85cc18d97687af175523016661a69cf9e9c6e671
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 111B
  MD5: 3f435b6187a7cc3e3b041f5b57a324ee
  SHA1: eb649d362fc8e01db86948793013d77e3d8cec62
  SHA256: 4eb612b3a21dab45d22b8d673ab792fb2aa04967ec9bf5b4e61b4390d639fd89
  SHA512: 3c4845ee25069a56373f0240f292d0341bbeb1fc2d80e13a7f22beb8c48ed6e776980d56c94eb674b7d5f71ce0afcd03a8107a850369d3763ecf56ae4fb69d1e
- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 167B
  MD5: 5f4d601855e811c0a7147bb7d34b410a
  SHA1: 98f26b879eddc902c674b76519dd1210cc3b26f4
  SHA256: 9e858c1126e106416c89801f2928671cc2ae728f00701b0bc9caeb59cf058520
  SHA512: 4427c161e0ce7a2c68af474cef2f7395189e7bd9197af90da15f4332ffa783e10bd7cc69b1b02503d460b35c546f13f1875130094a6af8d812fb26502d26148a
- /storage/emulated/0/data/.push_deviceid
  Filesize: 32B
  MD5: 46e4a9543300607ed05513e2d1c7d77b
  SHA1: 0550b17359951e843f489824cbfb430b3546bcee
  SHA256: 96782b7bd82e7263b99d492578ea2ae6c4bfd736fac4132690e82c76ba071ebb
  SHA512: 3b081ce503251f0552e904361246494a0e1865c5134fed971477ec1968bb411ffe5bc0dfbbb4b0d35d89db5de208683bc9acf8881d03b0295a816a68e71d436f